Closed JennyMet closed 4 years ago
I believe the error says it all, on the initial request that results in redirecting to the issuer's authorization_endpoint
the strategy sets an object to the req.session's oidc:accounts.rvm.com
property.
Said object is not there when getting the callback. You should investigate why that's the case. It’s not a problem with the strategy but rather, the underpinings used such as passport, cookie/express sessions etc.
Thanks for the quick answer, Im a bit lost with all the middleware stuff, it took some time to make it work with the right oreder of the middleware and it works but not stable. I use the latest version of all the components, could you please give me hint or something, where do you think the issue could be? as it works, but sometimes after 5-10 request I got this error.
Debugging passport and cookie/express-session isn’t really in my capacity nor in my scope. This strategy conforms to the API passport requires and follows the implementation of other strategies only in a generic OIDC compliant way.
I can see one issue in your code, the way you’re passing “cfg” to the strategy isn’t right. Please refer to the documentation, there’s no recognized or used cfg property there.
Thanks you very much for the tip,
Do you mean like this? it use different lib, if not could you please provide a reference?
http://www.passportjs.org/docs/openid/
var passport = require('passport')
, OpenIDStrategy = require('passport-openid').Strategy;
passport.use(new OpenIDStrategy({
returnURL: 'http://www.example.com/auth/openid/return',
realm: 'http://www.example.com/'
},
function(identifier, done) {
User.findOrCreate({ openId: identifier }, function(err, user) {
done(err, user);
});
}
));
No. I obviously meant the documentation for THIS module.
Thanks a lot!!! Is there a way that I remove the passport usage ? as I use it to the serialize user session claims etc. Im not happy with it and I think that I should remove it, looking at my code is should be simple or I should refactor all ?
@panva looking at the following statement "Generic OpenID Connect Passport authentication middleware strategy." says that I need to use passport, is there example that can I use cleaner OIDC implementation without passport at all ?
@panva looking at the following statement "Generic OpenID Connect Passport authentication middleware strategy." says that I need to use passport, is there example that can I use cleaner OIDC implementation without passport at all ?
https://github.com/panva/node-openid-client/issues/282#issuecomment-669004901
I really don't follow your line of reasoning. This is a generic client first (which is evident from just glancing over the readme or API documentation), exposing a generic OIDC passport strategy second. It is framework agnostic. The strategy is in place just because people kept asking for one. The quick starts in the project's readme explain the steps you ought to take for the very basic flows and you are responsible for integrating with the framework of your choice.
HI,
I use the following code which works, However after few success calls (3-10), I sometimes get internal server error with the following error,
I use the
3.15.9
Any idea what could be wrong?My code from the stack is
which is the end of the code
This is the full code (I pass the
app
which is simply express server) , am I doing something wrong?This is the index.js
This is the logon.js
if something is missing please let me know. we want to use this code in prod instead of java previous implementation ...